The Dutch intelligence service AIVD ‘hacked’ Russian Cozy Bear systems for years

Spying on spies – The hackers from the Dutch intelligence service AIVD ‘compromised’ for years the network of the Russian APT Cozy Bear.

It’s not a mystery, technology firms that intend to work with Russia need to allow the Government experts to scan their code for backdoors and vulnerabilities.

The problem is that this software is often used by the US Government, this means that Russian experts could found bugs or backdoors to exploit in cyber attacks against US Agencies.

Many tech giants already allowed their software review, including McAfee, SAP, Symantec, and HPE, the risk is that foreign Governments could exploit a bug or a backdoor to control them.

Anyway, other firms like Trend Micro has refused to allow the Russians to conduct a source code review of their products.

Of course, the companies defend their position clarifying that the code review s were done under controlled conditions and that not code was allowed to be copied.

News of the day is that the Dutch intelligence service AIVD ‘hacked’ Russian state-sponsored hackers.

The news was reported by the newspaper de Volkskrant, AIVD in 2014 monitored the activity of the Russian APT Cozy Bear (aka APT29) and its efforts to hack into systems at the US Democratic Party‘s and US government servers.

Dutch intelligence service AIVD provided the FBI with crucial information about Russian interference with the American elections.

The AIVD cyber spies compromised security cameras surrounding the building used by the Cozy Bear crew, the Dutch agents were looking for known Russian spies accessing the structure.

“Hackers from the Dutch intelligence service AIVD have provided the FBI with crucial information about Russian interference with the American elections,” reports the Dutch daily newspaper Volkskrant.nl.

“That’s how the AIVD becomes witness to the Russian hackers harassing and penetrating the leaders of the Democratic Party, transferring thousands of emails and documents. It won’t be the last time they alert their American counterparts.”

The Dutch hackers conducted a Computer Network Attack against Russians, they are involved in offensive operations aim to compromise adversary networks.

The unit operates under the Joint Sigint Cyber Unit, a collaborative unit of the AIVD and the Dutch Military Intelligence and Security Service MIVD, of about 300 people.

The Dutch cyber unit is composed of about 80-100 people, part of them is focused on intercepting or managing sources, while another team is dedicated to Computer Network Defence.

It’s unknown what exact information the Dutch hackers collected, the unique certainty is that it linked Cozy Bear to the attacks against the US Government.

“Three American intelligence services state with ‘high confidence’ that the Kremlin was behind the attack on the Democratic Party. That certainty, sources say, is derived from the AIVD hackers having had access to the office-like space in the center of Moscow for years. This is so exceptional that the directors of the foremost American intelligence services are all too happy to receive the Dutchmen.” continues the newspaper.

The Cozy Bear hackers are located in a university building near the Red Square, the team is composed on average of ten people. The entrance is in a curved hallway controlled by a security camera that was hacked by Dutch cyber spies.

Thanks to the AIVD, the NSA was able to locate the command and control servers used by Cozy Bear while it was targeting the systems at the State Department.

“Access to Cozy Bear turns out to be a goldmine for the Dutch hackers. For years, it supplies them with valuable intelligence about targets, methods and the interests of the highest ranking officials of the Russian security service. From the pictures taken of visitors, the AIVD deduces that the hacker group is led by Russia’s external intelligence agency SVR.” continues the Volkskrant.

“There’s a reason the AIVD writes in its annual report about 2014 that many Russian government officials, including president Putin, use secret services to obtain information.”

The AIVD hackers left Cozy Bear’s computer network after an investigation that lasted for 1 and 2,5 years, likely because the Russians cut off their access.

Share On

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.